Java SE 6u20
Oracle Patch Ormandy's Security Vulnerability
Oracle have released a patch for Java SE 6, which rectifies the vulnerability in Java Web Start.
The vulnerability was first identified by Tavis Ormandy, who filed a proof of concept earlier this week. A few days afterwards, AVG Technologies reported they had identified an attack server that was exploiting this vulnerability.
This patch, prevents a Java Network Launch Protocol file without a codebase parameter from working. It can be downloaded now.